我正在创建基于javascript和PHP的登录脚本。但我对此有问题。
无论我通过表单发送什么,我都会被重定向到用户.php?u=loginfailed。它是否正确是电子邮件和密码(我在我的数据库中)并不重要。如您所见,页面"user.php?u=X"只有在正确输入电子邮件和密码时才应打开。但是就我而言,当我发送正确的数据和不正确的数据时,它将是相同的......总而言之 - 正确的数据应该将我重定向到 user.php?u=X,不正确应该在表单下方显示一条错误消息。
对此,你怎么看?
索引.php
<?php
if(isset($_POST["e"])){
include_once("../db/db_fns.php");
$e = mysqli_real_escape_string($db_conx, $_POST['e']);
$p = md5($_POST['p']);
$ip = preg_replace('#[^0-9.]#', '', getenv('REMOTE_ADDR'));
if($e == "" || $p == ""){
echo "loginfailed";
exit();
} else {
$sql = "SELECT id, username, password FROM users WHERE email='$e' AND activated='1' LIMIT 1";
$query = mysqli_query($db_conx, $sql);
$row = mysqli_fetch_row($query);
$db_id = $row[0];
$db_username = $row[1];
$db_pass_str = $row[2];
if($p != $db_pass_str){
echo "loginfailed";
exit();
} else {
$_SESSION['userid'] = $db_id;
$_SESSION['username'] = $db_username;
$_SESSION['password'] = $db_pass_str;
setcookie("id", $db_id, strtotime( '+30 days' ), "/", "", "", TRUE);
setcookie("user", $db_username, strtotime( '+30 days' ), "/", "", "", TRUE);
setcookie("pass", $db_pass_str, strtotime( '+30 days' ), "/", "", "", TRUE);
$sql = "UPDATE users SET ip='$ip', lastlogin=now() WHERE username='$db_username' LIMIT 1";
$query = mysqli_query($db_conx, $sql);
echo $db_username;
exit();
}
}
exit();
}
?>
<script src="../js/main.js"></script>
<script src="../js/ajax.js"></script>
<script src="login.js"></script>
<form id="loginform" onsubmit="return false;">
<div>Email Address:</div>
<input type="text" id="email" onfocus="emptyElement('status')" maxlength="88">
<div>Password:</div>
<input type="password" id="password" onfocus="emptyElement('status')" maxlength="100">
<br /><br />
<button id="loginbtn" onclick="login()">Log In</button>
<p id="status"></p>
<a href="#">Forgot Your Password?</a>
</form>
登录.js
function emptyElement(x) {
_(x).innerHTML = "";
}
function login() {
var e = _("email").value;
var p = _("password").value;
if (e == "" || p == "") {
_("status").innerHTML = "Fill out all of the form data";
} else {
_("loginbtn").style.display = "none";
_("status").innerHTML = 'please wait ...';
var ajax = ajaxObj("POST", "index.php");
ajax.onreadystatechange = function() {
if(ajaxReturn(ajax) == true) {
if(ajax.responseText == "loginfailed") {
_("status").innerHTML = "Login unsuccessful, please try again.";
_("loginbtn").style.display = "block";
} else {
window.location = "user.php?u="+ajax.responseText;
}
}
}
ajax.send("e="+e+"&p="+p);
}
}
试试这个:尝试提醒ajax.responseText,看看它是否返回正确的结果而没有错误。在比较这样的响应文本之前,用户也trim:if(ajax.responseText.trim() == "loginfailed")
为什么你不使用Jquery,因为它非常简单易用。
我相信
您缺少退货,因此无论如何您的表格都会提交。不要忘记让 login() 函数返回 false,这样它就不会提交。
试试<button id="loginbtn" onclick="return login();">Log In</button>